wjz-13 all-news-99-1-wnew 1057-the-fan 1300logo2_67x35

Local

Self-Described Hacker Says He Warned Univ. Of Md. Before Data Breach

View Comments
David Helkowski
Derek Valcourt 370x278 Derek Valcourt
Derek Valcourt began working at WJZ in September 2002. His first major...
Read More

Get Breaking News First

Receive News, Politics, and Entertainment Headlines Each Morning.
Sign Up
Popular Entertainment Photo Galleries

POEts: The Legendary, The Celebrity, The Local, The ControversialPOEts: The Legendary, The Celebrity, The Local, The Controversial

Celebrities Born Outside The U.S.Celebrities Born Outside The U.S.

Top Celebrities On TwitterTop Celebrities On Twitter

Ranking Stephen KingRanking Stephen King

Famous Women Who Underwent Double MastectomiesFamous Women Who Underwent Double Mastectomies

» More Photo Galleries

PARKVILLE, Md. (WJZ) — A Baltimore man says he discovered major security holes in University of Maryland computer systems months before the university announced a massive data breach affected hundreds of thousands connected to the College Park campus.

Derek Valcourt has more on the man now raising eyebrows in this expanding investigation.

He’s now wrapped up in an FBI investigation into the data breach, but tells WJZ he was just trying to be a whistleblower.

“I found a hole in their system,” David Helkowski said.

He calls himself a hacker. In an exclusive interview with WJZ, Helkowski says he knew and even warned about the potential for a sophisticated cyber attack on computer systems at the University of Maryland four months before the university announced a data breach, jeopardizing the names, birth dates and other sensitive information of more than 300,000 students, faculty and alumni.

“I went into the systems, I found how bad their security was and then I passed that information on to the university,” said Helkowski.

At the time of the cyber attack, Helkowski worked for Baltimore-based cyber consulting firm The Canton Group, contracted to do work for the university.

He says weeks after the cyber attack he again found vulnerabilities.

“At that point, we were like, ‘Whoa, this is really bad.’ This security hole was not only still here after the breach that was in the news, but it’s equal and greater than that,” said Helkowski.

Concerned his discovery was falling on deaf ears, he began posting anonymous warnings–contained in the FBI affadavit–and went so far as to post university president Wallace Loh’s social security number online.

The FBI soon traced those warnings back to Helkowski.

“That’s going to get me into a lot of trouble. I could do jail time as a result of doing that,” Helkowski said. “That was never my intent. My intent was only ever to help them and say, ‘Here’s the seriousness of these issues. You really need to take care of these things.'”

University officials would not comment on the Helkowski investigation. Neither would the FBI, who is working with a university security task force investigating the data breach.

The FBI executed search warrants at Helkowski’s Parkville home, confiscating thousands of dollars worth of sophisticated computer equipment. He says he is cooperating and has handed over all of his encrypted passwords.

The Canton Group says Helkowski is no longer employed there and they are working with all law enforcement agencies.

Helkowski has not been charged with any crimes, but fears the possible repercussions of his actions.

“At the time, I was believing what I was doing to be right,” said Helkowski. “The problem is, if I’m aware of something not being legal, I should not be doing those things. And I understand that. And I understand that there are going to be potential consequences for that.”

Helkowski says he believes the university has addressed and fixed their security vulnerabilities. He insists he had no role in the data breach and was just trying to help.

No arrests have been made in that breach. The FBI’s investigation into all of this is ongoing.

To view the entire affidavit, click here.

Other Local News:

View Comments
blog comments powered by Disqus
Follow

Get every new post delivered to your Inbox.

Join 3,216 other followers